Website Security
By Kevin Williams / Nov, 28
Virtual Private Networks (VPNs) are becoming increasingly popular as they offer a secure and private connection to the internet, protecting your data from hackers, snoopers, and censorship. OpenVPN is a widely-used open-source VPN protocol that provides a reliable and secure VPN solution.
In this article, we’ll guide you through the process of installing the community version of OpenVPN on a Virtual Private Server (VPS) provided by DataPacket.
DataPacket is a leading provider of high-performance VPS hosting, offering an ideal platform for deploying your OpenVPN server. With DataPacket’s VPS hosting, you can enjoy a range of benefits, including:
High-performance servers: DataPacket’s VPS hosting ensures a fast and reliable connection, with low latency and high throughput.
Control: With a DataPacket VPS, you have full control over your server and can configure it according to your needs.
Security: A DataPacket VPS ensures a higher level of security, as your data is isolated from other users on the same physical server.
Scalability: DataPacket’s VPS resources can be easily adjusted to accommodate growing needs.
Cost-effective: Compared to dedicated servers, DataPacket’s VPS hosting is more affordable and offers an excellent balance between cost and performance.
24/7 support: DataPacket provides round-the-clock customer support to help you resolve any issues you may encounter.
In this tutorial, we’ll cover the installation of OpenVPN on an Ubuntu VPS provided by DataPacket. However, the process is similar for other Linux distributions. Before starting, ensure that your DataPacket VPS is up-to-date by running the following commands:
sudo apt-get update
sudo apt-get upgrade
Step 1: Install OpenVPN and Easy-RSA
First, we’ll install the OpenVPN package and Easy-RSA, a tool for managing SSL/TLS certificates:
sudo apt-get install openvpn easy-rsa
Step 2: Configure the Certificate Authority (CA)
Next, we’ll set up a Certificate Authority (CA) to generate and manage the necessary SSL/TLS certificates:
Create a directory for the CA:
mkdir -p ~/easy-rsa
cp -r /usr/share/easy-rsa/* ~/easy-rsa
cd ~/easy-rsa
Edit the ‘vars’ file to customize the CA:
nano vars
Set the appropriate values for the following variables:
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="YourOrganization"
export KEY_EMAIL="you@example.com"
Save the changes and exit the editor by pressing CTRL+X, followed by Y and Enter.
Source the ‘vars’ file and clean up any previous CA configurations:
source vars
./clean-all
Build the CA:
./build-ca
Follow the prompts and provide the necessary information. Building the CA produces a certificate (ca.crt, which contains the public key) and a private key (ca.key); the private key is used to sign the server and client certificates.
Step 3: Generate Server and Client Certificates
Create the server certificate and key:
./build-key-server server
Generate the Diffie-Hellman (DH) key exchange parameters:
./build-dh
Create a client certificate and key:
./build-key client1
You can replace ‘client1’ with a descriptive name for the client.
Step 4: Configure OpenVPN
Copy the necessary files to the OpenVPN directory:
cd ~/easy-rsa/keys
sudo cp ca.crt server.crt server.key dh2048.pem /etc/openvpn
Configure OpenVPN by creating a new configuration file:
sudo nano /etc/openvpn/server.conf
Add the following configuration to the file, adjusting the parameters as needed:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
# tls-auth needs a ta.key file next to this config and a matching tls-auth line on the client
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Save the changes and exit the editor.
Step 5: Enable IP Forwarding
Enable IP forwarding to allow your VPN clients to access the internet through the VPN server:
Open the sysctl configuration file:
sudo nano /etc/sysctl.conf
Uncomment or add the following line:
net.ipv4.ip_forward=1
Save the changes and exit the editor.
Apply the new settings:
sudo sysctl -p
Step 6: Configure Firewall Rules
Set up firewall rules to route the VPN traffic:
Install the Uncomplicated Firewall (UFW) if it’s not already installed:
sudo apt-get install ufw
Allow SSH and OpenVPN traffic through the firewall:
sudo ufw allow ssh
sudo ufw allow 1194/udp
Configure the firewall to forward traffic:
sudo nano /etc/ufw/before.rules
Add the following lines at the beginning of the file:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
Replace ‘eth0’ with the appropriate network interface if needed.
Save the changes and exit the editor.
Enable the firewall:
sudo ufw enable
Step 7: Start the OpenVPN Server
Start the OpenVPN server:
sudo systemctl start openvpn@server
Enable the OpenVPN service to start on boot:
sudo systemctl enable openvpn@server
Step 8: Configure the VPN Client
To connect a client to the VPN server, you’ll need to provide the client with the necessary certificates and keys.
Create a new directory on the client machine to store the files:
mkdir -p ~/client-configs
Transfer the following files from the server to the client’s ‘~/client-configs’ directory:
ca.crt
client1.crt (or the client certificate you created)
client1.key (or the client key you created)
Create a new OpenVPN client configuration file (client.ovpn) on the client machine:
nano ~/client-configs/client.ovpn
Add the following configuration to the file, replacing “YOUR_SERVER_IP” with your server’s IP address:
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client1.crt
key client1.key
cipher AES-256-CBC
verb 3
Save the changes and exit the editor.
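The server.conf in Step 4 names ta.key through tls-auth, while the copy command in Step 4 and the client.ovpn in Step 8 never mention that file. The shell check below is an added example, not part of the original article, that flags this kind of mismatch before the service is started; its function names and the temporary demo directory are assumptions, and the sample configs are trimmed copies of the two files above.

```bash
#!/usr/bin/env bash
# Added example: consistency check for an OpenVPN server.conf / client.ovpn pair.

# Print the arguments of the first occurrence of directive $2 in config file $1.
directive() {
  awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Print "directive:file" for every ca/cert/key/dh/tls-auth file in config $1 that is absent from dir $2.
missing_files() {
  local d f
  for d in ca cert key dh tls-auth; do
    f=$(directive "$1" "$d"); f=${f%% *}   # drop the tls-auth direction digit
    [ -n "$f" ] && [ ! -f "$2/$f" ] && echo "$d:$f"
  done
  return 0
}

# Print every setting that must agree between server config $1 and client config $2 but does not.
peer_mismatches() {
  local d s c sdir cdir
  for d in proto dev cipher; do
    s=$(directive "$1" "$d"); c=$(directive "$2" "$d")
    [ "$s" = "$c" ] || echo "$d: server='$s' client='$c'"
  done
  s=$(directive "$1" tls-auth); c=$(directive "$2" tls-auth)
  sdir=${s#"${s%% *}"}; cdir=${c#"${c%% *}"}   # key direction, empty if none given
  if [ -n "$s" ] && [ -z "$c" ]; then echo "tls-auth: server sets it, client does not"
  elif [ -z "$s" ] && [ -n "$c" ]; then echo "tls-auth: client sets it, server does not"
  elif [ -n "$sdir" ] && [ "$sdir" = "$cdir" ]; then echo "tls-auth: same key direction on both sides"
  fi
  return 0
}

# Constructed demo input: trimmed copies of the two configs from this article,
# plus the four files that Step 4 copies into /etc/openvpn.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'proto udp' 'dev tun' 'ca ca.crt' 'cert server.crt' 'key server.key' \
  'dh dh2048.pem' 'tls-auth ta.key 0' 'cipher AES-256-CBC' > "$demo/server.conf"
printf '%s\n' 'proto udp' 'dev tun' 'ca ca.crt' 'cert client1.crt' 'key client1.key' \
  'cipher AES-256-CBC' > "$demo/client.ovpn"
touch "$demo/ca.crt" "$demo/server.crt" "$demo/server.key" "$demo/dh2048.pem"

missing_files "$demo/server.conf" "$demo"
peer_mismatches "$demo/server.conf" "$demo/client.ovpn"
```

The static key that tls-auth names is created with openvpn --genkey --secret ta.key (OpenVPN 2.4 syntax) and has to be present on both sides, with the client using "tls-auth ta.key 1".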
Step 9: Connect to the VPN Server
Now that your OpenVPN server is up and running, you can connect your client to the server using the client.ovpn configuration file.
On Windows or macOS, download and install the official OpenVPN client from the OpenVPN website and import the client.ovpn file.
On Linux, install the OpenVPN package and run the following command:
sudo openvpn --config ~/client-configs/client.ovpn
Conclusion
By following these steps, you have successfully installed the community version of OpenVPN on a DataPacket VPS and configured it to establish a secure and private connection to the internet.
With your own VPN server hosted on DataPacket’s high-performance VPS hosting, you can now enjoy the benefits of increased privacy, security, and freedom while browsing the web.
Kevin holds a Senior Tech position at DataPacket, where he excels as both a web developer and graphic designer. With his expertise in technical support, he consistently goes above and beyond, surpassing the expectations of clients and colleagues alike.